"Piping Hot Intelligence" for the enterprise:
- Piping = Unix pipes (
|) chaining commands and AI - Hot = Fresh, production-ready, straight from the pipeline
Target Audience: DevOps engineers, platform teams, security-conscious enterprises
Slide: Terminal with a simple command
Say this:
"I want to show you something. Watch carefully."
$ ma task.copilot.mdPause. The terminal comes alive.
"That markdown file just ran an AI agent. It read my codebase. It analyzed my changes. It wrote a report. But here's the question..."
Reveal the punchline:
"What if that markdown file lived in your CI/CD pipeline? What if EVERY pull request got this treatment, automatically?"
Show the real magic:
$ git diff main..HEAD | copilot -p "Review this PR for security issues" -s"Data in. Intelligence out. The fifty-year-old pipe operator now carries something new. Let me show you how to productionize it."
The old way:
Developer writes code → Manual review → Hope for the best → Ship it
The new way:
Developer writes code → AI pre-review → Human review → AI changelog → Ship with confidence
The equation:
Production AI = Instructions + Tools + Permissions + Audit Trail
Key insight:
"In enterprise, you don't just run AI. You run AI you can explain, audit, and control."
# Non-interactive mode (REQUIRED for pipelines)
copilot -p "prompt" -s
# Model selection for cost control
copilot -p "..." --model claude-haiku-4.5 # $0.25/M tokens - triage
copilot -p "..." --model claude-sonnet-4 # $3/M tokens - daily work
copilot -p "..." --model claude-opus-4.5 # $15/M tokens - deep analysis
# Permission boundaries (CRITICAL for security)
copilot -p "..." --allow-tool 'shell(git:*)' # Git operations only
copilot -p "..." --allow-tool 'Read' # Read-only access
copilot -p "..." --allow-tool 'shell(npm:run)' # Specific npm commandWhy -s (silent) matters:
"Silent mode strips the interactive decorations. What's left is pure text output that can be captured, parsed, and piped. This is what makes Copilot CI/CD-ready."
Slide: GitHub PR interface
# In your CI pipeline
git diff main..HEAD | copilot -p "Review for:
1. Security vulnerabilities
2. Breaking API changes
3. Missing error handling
Format as markdown checklist." -s > pr-review.mdOutput:
## PR Review
### Security
- [ ] Line 47: SQL query uses string concatenation - potential injection
- [x] Auth tokens properly scoped
### Breaking Changes
- [ ] `getUserById` signature changed - update callers
### Error Handling
- [ ] `fetchData()` missing try/catch"That runs in 3 seconds. Every PR. Automatically. Before a human even looks at it."
Slide: Traffic light: Green (Haiku), Yellow (Sonnet), Red (Opus)
#!/bin/bash
# escalate-review.sh - Smart model selection
DIFF=$(git diff main..HEAD)
LINES=$(echo "$DIFF" | wc -l)
if [ "$LINES" -lt 50 ]; then
# Small change: fast model
echo "$DIFF" | copilot -p "Quick review" -s --model claude-haiku-4.5
elif [ "$LINES" -lt 500 ]; then
# Medium change: balanced model
echo "$DIFF" | copilot -p "Thorough review" -s --model claude-sonnet-4
else
# Large change: deep analysis
echo "$DIFF" | copilot -p "Architecture review" -s --model claude-opus-4.5
fiThe math:
| PR Size | Model | Cost | Time |
|---|---|---|---|
| < 50 lines | Haiku | ~$0.01 | ~2s |
| 50-500 lines | Sonnet | ~$0.05 | ~5s |
| 500+ lines | Opus | ~$0.50 | ~15s |
"Haiku handles 80% of PRs. Opus handles the 5% that matter. Your CI budget thanks you."
Slide: Vault door with "PERMISSIONS" label
# LOCKED DOWN: Analysis only (no execution, no writes)
copilot -p "Analyze this code" -s \
--allow-tool 'Read'
# CONTROLLED: Git operations only
copilot -p "Generate commit message" -s \
--allow-tool 'shell(git:*)' \
--allow-tool 'Read'
# SCOPED EXECUTION: Specific npm commands only
copilot -p "Run tests and fix failures" -s \
--allow-tool 'shell(npm:test)' \
--allow-tool 'shell(npm:run lint)' \
--allow-tool 'Read' \
--allow-tool 'Edit'
# NEVER IN CI: Full autonomy (interactive only!)
copilot -p "..." --allow-all-tools # Developer machines onlyThe trust matrix:
| Environment | Permission Level | --allow-tool Pattern |
|---|---|---|
| CI Read | Audit only | Read |
| CI Write | Controlled | Read, Edit, shell(git:*) |
| Local Dev | Extended | shell(npm:*), shell(pnpm:*) |
| Supervised | Full | --allow-all-tools (with human) |
"In production, permissions aren't optional. They're your audit trail. They're your compliance story."
# In CI/CD after merge to main
git log --oneline $(git describe --tags --abbrev=0)..HEAD | \
copilot -p "Generate changelog:
- Group by: Features, Fixes, Breaking Changes
- Format: Keep a Changelog style
- Highlight security-relevant changes" -s >> CHANGELOG.mdOutput:
## [Unreleased]
### Added
- User profile API endpoint (#142)
- OAuth2 refresh token support (#147)
### Fixed
- Memory leak in connection pool (#144)
### Security
- Updated bcrypt to v5.1 (CVE-2024-xxxx) (#148)
### Breaking
- `getUser()` now returns Promise (#145)# In CI on test failure
npm test 2>&1 | \
copilot -p "Analyze these test failures:
1. Identify root cause
2. Check if related to recent changes
3. Suggest fix or workaround
Recent changes:
$(git log --oneline -5)" -s --model claude-sonnet-4Why this matters:
"Junior devs get senior-level failure analysis. On every build. At 3 AM."
# After security scanner runs
cat security-scan.json | \
copilot -p "Triage these findings:
- CRITICAL: Must fix before merge
- HIGH: Fix within sprint
- MEDIUM: Track in backlog
- LOW/FALSE POSITIVE: Explain why
Context: This is a Node.js API service." -s \
--model claude-sonnet-4 > security-triage.md# .github/workflows/ai-review.yml
name: AI-Assisted Review
on: [pull_request]
jobs:
ai-review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Quick Triage (Haiku)
run: |
git diff origin/main..HEAD | \
copilot -p "SIMPLE, MODERATE, or COMPLEX?" -s \
--model claude-haiku-4.5 > complexity.txt
- name: Full Review (Model based on complexity)
run: |
COMPLEXITY=$(cat complexity.txt)
if [ "$COMPLEXITY" = "COMPLEX" ]; then
MODEL="claude-opus-4.5"
else
MODEL="claude-sonnet-4"
fi
git diff origin/main..HEAD | \
copilot -p "Security and architecture review" -s \
--model $MODEL > review.md
- name: Post Comment
uses: actions/github-script@v7
with:
script: |
const review = require('fs').readFileSync('review.md', 'utf8');
github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: review
});"We version our infrastructure. We version our tests. But our AI prompts? They're scattered across scripts, undocumented, untested."
Pain points:
- Complex flag combinations across different pipelines
- No standardization across teams
- Prompts duplicated and drifting
- No way to test prompt changes before production
Slide: Architecture diagram showing .md files in repo
$ ma review.copilot.mdThe file:
---
model: claude-sonnet-4
allow-tool:
- 'shell(git:*)'
- Read
silent: true
---
## PR Review Checklist
Review these changes for enterprise readiness:
### Security
- Authentication/authorization issues
- Input validation gaps
- Secrets or credentials in code
### API Stability
- Breaking changes to public interfaces
- Deprecation warnings needed
### Operations
- Missing observability (logs, metrics)
- Error handling completeness
- Resource cleanup
Changes to review:
!`git diff main..HEAD`1. Version Control
git log -- agents/review.copilot.md
# See exactly when prompts changed2. Code Review for Prompts
# PR: "Update security review prompt"
git diff agents/review.copilot.md3. Testing
# Test prompt changes on sample diffs
cat test-fixtures/security-vuln.diff | ma review.copilot.md4. Standardization
repo/
agents/
review.copilot.md # All teams use same review
changelog.copilot.md # Consistent changelogs
triage.copilot.md # Same triage logic
# agents/ci/pr-review.copilot.md
---
model: claude-sonnet-4
allow-tool:
- 'shell(git:*)'
- Read
silent: true
---
Enterprise PR review. Security-first.
# agents/ci/changelog.copilot.md
---
model: claude-haiku-4.5
allow-tool:
- 'shell(git:log)'
silent: true
---
Generate changelog from commits.
# agents/ci/test-analysis.copilot.md
---
model: claude-sonnet-4
allow-tool:
- Read
silent: true
---
Analyze test failures and suggest fixes.Usage in pipeline:
ma agents/ci/pr-review.copilot.md < changes.diff
ma agents/ci/changelog.copilot.md >> CHANGELOG.md
npm test 2>&1 | ma agents/ci/test-analysis.copilot.mdThis week:
- Add one agent to your CI:
pr-review.copilot.md - Set permissions explicitly:
--allow-tool 'shell(git:*)' - Use escalation: Haiku for triage, Sonnet for work, Opus for complexity
- Version your prompts: Commit them like code
Production AI = Instructions + Tools + Permissions + Audit Trail
Your markdown files are now:
- Your AI runbooks
- Your compliance documentation
- Your team's institutional knowledge
- Your competitive advantage
- markdown-agent:
npm install -g markdown-agent - GitHub Copilot CLI:
gh copilot - This talk's agents: [gist link]
"We spent a decade on 'infrastructure as code.' Now we add 'intelligence as code.' Same rigor. Same version control. Same code review. New capability."
| Section | Time | Cumulative |
|---|---|---|
| Hook: ma + pipe demo | 2 min | 2 min |
| Enterprise equation | 2 min | 4 min |
| Core flags for CI/CD | 2 min | 6 min |
| Demo 1: PR Review | 2 min | 8 min |
| Demo 2: Escalation pattern | 2 min | 10 min |
| Demo 3: Permissions | 2 min | 12 min |
| Enterprise patterns (4 examples) | 4 min | 16 min |
| Resolution: markdown-agent reveal | 3 min | 19 min |
| Closing | 1 min | 20 min |
-sunlocks CI/CD - Silent mode makes output pipeable- Permissions are mandatory -
--allow-toolis your audit trail - Escalate by complexity - Haiku triages, Sonnet works, Opus thinks
- Version your prompts - Markdown files in git = prompt infrastructure
- Production AI = Instructions + Tools + Permissions + Audit
- Terminal with large font (24pt+)
- Git repo with realistic PR diff
- GitHub Actions workflow file ready
- Pre-written
.copilot.mdagent files - Test all permission combinations before talk
- Backup: screenshots of each demo
- Copilot CLI installed and authenticated
- Network connectivity verified
---
model: claude-sonnet-4
allow-tool:
- 'shell(git:*)'
- Read
silent: true
---
Review this PR for enterprise readiness:
- Security vulnerabilities
- Breaking API changes
- Missing error handling
- Observability gaps
Format as actionable checklist.---
model: claude-haiku-4.5
silent: true
---
Classify this change as SIMPLE, MODERATE, or COMPLEX.
Respond with ONLY one word.---
model: claude-haiku-4.5
allow-tool:
- 'shell(git:log)'
silent: true
---
Generate a changelog entry from these commits.
Group by: Features, Fixes, Security, Breaking Changes.
Use Keep a Changelog format.---
model: claude-sonnet-4
silent: true
---
Analyze these test failures:
1. Identify root cause
2. Suggest specific fix
3. Note if this is a flaky test pattern"In enterprise, you don't just run AI. You run AI you can explain, audit, and control."
"Haiku handles 80% of PRs. Opus handles the 5% that matter. Your CI budget thanks you."
"In production, permissions aren't optional. They're your audit trail. They're your compliance story."
"We version our infrastructure. We version our tests. Why not our prompts?"
"Junior devs get senior-level failure analysis. On every build. At 3 AM."
"We spent a decade on 'infrastructure as code.' Now we add 'intelligence as code.'"
# Run after trivy/snyk/etc
trivy fs . --format json | \
copilot -p "Prioritize these vulnerabilities:
- Which affect production?
- Which have known exploits?
- What's the remediation order?" -s \
--model claude-sonnet-4# Generate release notes from changelog
cat CHANGELOG.md | \
copilot -p "Generate customer-facing release notes.
Highlight: new features, important fixes.
Omit: internal refactors, minor fixes.
Tone: professional, concise." -s > RELEASE.md# Gather context for postmortem
{
echo "## Error Logs"
cat error.log | tail -100
echo "## Recent Deployments"
git log --oneline -10
echo "## Config Changes"
git diff HEAD~5 -- '*.yaml' '*.json'
} | copilot -p "Draft incident postmortem:
- Timeline
- Root cause
- Impact
- Remediation steps" -s --model claude-opus-4.5Talk outline for Microsoft AI Dev Days Theme: Piping Hot Intelligence - Enterprise CI/CD Edition Duration: 15-20 minutes Focus: Production-ready AI pipelines with audit trails